🎉 Announcing MSTICPy 3.0 🚀 A big step for our Python threat hunting library. (also passed the 1M downloads - currently 1.3M)!🍾 Release 3 is mainly a cleanup release, new Py version support, clearing out old junk. But new features also. See details: github.com/microsoft/msticpy…
Replying to @BlaiseBits
Thanks for covering it! MSTICpy is an open source threat intelligence Swiss Army knife. You can check it here: github.com/microsoft/msticpy. Also, for Codex for malware analysis, I was talking about the private preview they released; I think it is called Codex Security now 😊
25 Sep 2025
MSTICPy v2.17.0 released
- new RRCF outlier detection
- AWS extension for Prisma Cloud AWS
- Update Defender Auth to OAuth v2 and fix bugs
- Python 3.12 support
More details here github.com/microsoft/msticpy… @msticpy
24 Feb 2025
GitHub - microsoft/msticpy: Microsoft Threat Intelligence Security Tools #yamasec github.com/microsoft/msticpy
🔬 March: I created the MSTICpy GPT to assist with MSTICpy tasks. I spent a weekend analyzing the XZ Backdoor, creating 2 graphics to explain the threat during chaos, with over 1M views 🌟— it was featured by media, podcasts, and YouTube channels. x.com/fr0gger_/status/177434…

🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)! I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz
29 Nov 2024
msticpy: Microsoft Threat Intelligence Security Tools meterpreter.org/msticpy-micr…
Why does msticpy's Sentinel incident operation require you to specify an ID, while the watchlist operation takes the stance of creating a new item without specifying an ID? And even when a record matches, it can't overwrite it... Maybe it actually can overwrite; I'll take a look at the source.
Replying to @gleeda
Pandas is the best once you get the hang of it. I used pandas with msticpy and it was delicious.
Must have skills to be in Cybersecurity💻
📶 1 - NETWORK ANALYSIS
· Wireshark: wireshark.org
· pfSense: pfsense.org
· Arkime: arkime.com
· Snort: snort.org
· Suricata: suricata.io
👾 2 - OS ANALYSIS
· Helk: lnkd.in/di4rQuNb
· Volatility: lnkd.in/dBr4yVYa
· RegRipper: lnkd.in/dq2hTNQw
· OSSEC: ossec.net
· osquery: osquery.io
⚠️ 3 - INCIDENT MANAGEMENT
· TheHive: lnkd.in/dkR-d4JB
· GRR Rapid Response: lnkd.in/d42-6faP
🛡️ 4 - HONEYPOTS
· Kippo: lnkd.in/d2ypa3j4
· Cowrie: lnkd.in/dAR68JQt
· Dockpot: lnkd.in/dgn7MpQg
· HonSSH: lnkd.in/dMKptyHz
📁 5 - THREAT INTELLIGENCE
· Misp: lnkd.in/dkcbKsTN
· MSTICPy: lnkd.in/dBjgWVqY
· Threatpost: threatpost.com
· Dark Reading: lnkd.in/df3bwx2n
📃 6 - EDR
· Cortex XDR: lnkd.in/devusd8T
· Cynet 360: lnkd.in/dZTXUwBE
· FortiEDR: lnkd.in/daTMkVxb
· Xcitium: lnkd.in/d6U4_auq
✍🏻 7 - SIEM
· OSSIM: lnkd.in/dXegU3-5
· Splunk: splunk.com
· LogRhythm: logrhythm.com
· Wazuh: wazuh.com
· Qradar: lnkd.in/dCtbkk-H
Credit: @harshleenchawl2
I recently created a MSTICpy GPT assistant. This assistant uses most of the documentation and previous notebooks 📚 You can use it to kickstart your journey with MSTICpy or to help you in your investigation! 🤓 Although we are still testing it, it is now available! Check it out! #infosec #python #gpt cc: @msticpy @ianhellen 👉 chat.openai.com/g/g-4VQxTTcc…
🔎 Applying LLMs to Threat Intelligence
- Use Retrieval Augmented Generation (RAG) to ask questions of MITRE ATT&CK Groups
- Build a ReAct Agent that wraps MSTICpy (Python library for threat intel) as Tools → Agent can query VirusTotal
By @fr0gger_ blog.securitybreak.io/applyi…
26 Mar 2024
MSTICPy 2.11.0 released
This minor release includes:
- Better handling of large/split queries for MS Sentinel
- Updated support for installing MSTICPy in a Conda environment
- Updates for future pandas support
github.com/microsoft/msticpy…
🔵 Blue Team 🔵
✅ Wireshark ✅ pfSense ✅ Arkime ✅ Snort ✅ TheHive ✅ GRR Rapid Response ✅ Misp ✅ MSTICPy ✅ Cortex XDR ✅ Cynet 360 ✅ FortiEDR ✅ HELK ✅ Volatility ✅ Autopsy ✅ Wazuh ✅ OSSEC ✅ Kippo ✅ osquery ✅ Cowrie ✅ Dockpot ✅ HonSSH ✅ OSSIM ✅ Splunk ✅ LogRhythm